1. Field of the Invention
The present invention generally relates to the protection of data and software on a computer system from various forms of attack, including protection against attacks from other software on the computer system. More specifically, in an exemplary embodiment, two new machine instructions control encryption/decryption to provide a mechanism by which sensitive software and data in a Secure Object are encrypted at all times except for the period of time that the sensitive software and data are in use inside the CPU.
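The protection property stated above (a Secure Object's code and data exist in plaintext only inside the CPU, and every other piece of software on the machine sees only ciphertext in memory) can be modelled with a few lines of C. The following is an added simulation written for this page, not code from the patent or any of its embodiments: the instruction names `enter_secure_object` and `leave_secure_object`, the `cpu_t` structure, the keystream function and the sample card number are all assumptions, and the toy XOR keystream stands in for whatever cipher a real implementation would use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MEM_SIZE 64

/* Simulated physical memory. Everything outside the CPU (the OS, other
 * processes, a debugger, malware an attacker introduced) sees only the
 * bytes in this array. */
static uint8_t memory[MEM_SIZE];

/* Simulated CPU. The Secure Object's key is held here, inside the CPU,
 * and is never written to memory. (Hypothetical model, not the patent's.) */
typedef struct {
    uint64_t object_key;
    int      in_secure_object;   /* 1 while executing inside a Secure Object */
} cpu_t;

/* Toy keystream, a stand-in for a real cipher (assumption, not the
 * patent's). The address is mixed in so the same plaintext byte at two
 * addresses does not encrypt to the same ciphertext byte. */
static uint8_t keystream_byte(uint64_t key, size_t addr)
{
    uint64_t x = key ^ ((uint64_t)addr * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 31;
    x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 29;
    return (uint8_t)x;
}

/* Hypothetical pair of instructions bracketing execution of a Secure
 * Object; the page does not name the real instructions. */
static void enter_secure_object(cpu_t *cpu, uint64_t key)
{
    cpu->object_key = key;
    cpu->in_secure_object = 1;
}

static void leave_secure_object(cpu_t *cpu)
{
    cpu->object_key = 0;         /* key does not outlive the object's execution */
    cpu->in_secure_object = 0;
}

/* Load/store path. Inside a Secure Object the CPU decrypts on the way in
 * and encrypts on the way out, so plaintext exists only in CPU state.
 * Outside a Secure Object the same instructions move raw bytes. */
static uint8_t cpu_load(const cpu_t *cpu, size_t addr)
{
    uint8_t v = memory[addr];
    if (cpu->in_secure_object)
        v ^= keystream_byte(cpu->object_key, addr);
    return v;
}

static void cpu_store(const cpu_t *cpu, size_t addr, uint8_t v)
{
    if (cpu->in_secure_object)
        v ^= keystream_byte(cpu->object_key, addr);
    memory[addr] = v;
}

/* Returns 1 if the Secure Object's data is readable only from inside it
 * and only with its own key; 0 if any of the three checks fails. */
int secure_object_demo(void)
{
    static const uint8_t secret[] = "card=4111111111111111";  /* constructed sample */
    const size_t base = 16, n = sizeof secret;
    cpu_t cpu = {0};
    uint8_t buf[32];
    size_t i;

    memset(memory, 0, sizeof memory);

    /* 1. The Secure Object writes its data and reads it back: it lands in
     *    memory encrypted, but inside the object it reads as plaintext. */
    enter_secure_object(&cpu, 0x0123456789ABCDEFULL);
    for (i = 0; i < n; i++) cpu_store(&cpu, base + i, secret[i]);
    for (i = 0; i < n; i++) buf[i] = cpu_load(&cpu, base + i);
    if (memcmp(buf, secret, n) != 0) return 0;
    leave_secure_object(&cpu);

    /* 2. Other software on the machine reads the same addresses and
     *    gets ciphertext, not the secret. */
    for (i = 0; i < n; i++) buf[i] = cpu_load(&cpu, base + i);
    if (memcmp(buf, secret, n) == 0) return 0;
    if (memcmp(memory + base, secret, n) == 0) return 0;

    /* 3. A different Secure Object (different key) cannot read it either. */
    enter_secure_object(&cpu, 0xFEDCBA9876543210ULL);
    for (i = 0; i < n; i++) buf[i] = cpu_load(&cpu, base + i);
    leave_secure_object(&cpu);
    if (memcmp(buf, secret, n) == 0) return 0;

    return 1;
}

int main(void)
{
    int ok = secure_object_demo();
    printf("secure object property holds: %s\n", ok ? "yes" : "no");
    printf("raw memory at object's data: ");
    for (size_t i = 16; i < 16 + 8; i++) printf("%02x ", memory[i]);
    printf("...\n");
    return ok ? 0 : 1;
}
```

The point the model makes, and that the patent's mechanism relies on, is that the key and the plaintext are only ever present in CPU state bracketed by the two instructions; a real design additionally has to keep that state out of reach of interrupts, context switches and other cores, which this model does not attempt.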
2. Background/Related Art
The Internet is a powerful tool that has transformed the world. As former chairman and CEO of IBM Lou Gerstner put it “The Internet is nothing less than the single most powerful tool that we have ever seen for driving business, economic and societal change”.
But like many tools, this tool can be used for good or ill. Almost every week, we hear of incidents in which systems are compromised and sensitive information is stolen in an Internet-based attack.
Some recent news items include:
Britain's MI5: Chinese Cyberattacks Target Top Companies, The Times (of London), Dec. 3, 2007;
Illicit software blamed for massive data breach: Unauthorized computer programs, secretly installed on servers in Hannaford Brothers supermarkets compromised up to 4.2 million debit and credit cards, AP, Mar. 28, 2008;
Russian Gang Hijacking PC's in Vast Scheme, NY Times, Aug. 6, 2008;
Eight Million People at Risk of ID Fraud after Credit Card Details are Stolen by Hotel Chain Hackers, (UK) Daily Mail, Aug. 25, 2008;
Bank of NY Mellon Data Breach Now Affects 12.5 Million, Reuters, Aug. 28, 2008; and
US authorities charged 11 people from five countries with stealing tens of millions of credit and debit card numbers from several retailers including TJX Cos, Reuters Aug. 28, 2008 (a quote from the Bank of NY article above).
And there have been many other similar incidents.
Thus, a need exists for systems and methods that can help prevent the theft of information from a computer system in an Internet-based attack, and for a means of protecting sensitive data and software on a computer system from other software on that system, including software that an attacker may be able to introduce into a targeted computer system.